: > Identity Theft Resource Center of San Diego is set to announce today that
: > some 656 breaches were reported in 2008, up from 446 in the previous year.
: > Nearly 37 percent of the breaches occurred at businesses, while schools
: > accounted for roughly 20 percent of the reported incidents.

: We need to start tracking who the "External Auditor's" of these entities
: who are being breached are. This information is critically important to
: law enforcement and to the insurance industry as well. Can we add this
: to the DB?

We've discussed adding this field to the database before, but it is
extremely rare that the auditor name is revealed after the incident.

Mandatory disclosure laws should stipulate that certain information
related to the auditing should be disclosed too. PCI status, PCI ASV and
other specific information would be a good start. Until then..